everyone has access to PUB-Folder
Posted: Mon Sep 27, 2010 12:39 pm
Hi,
I just figured out, that eScan Corp creates a pub folder on the server including some sub-folders with shares. A couple of them are configured with all access to every user - including full ntfs permission to everyone! In other words: everyone who knows the hidden share-name is able to view:
-AVX
-DEPLOY
-LOG
I'm not sure of it's possible that a user with some knowledge is able to do changes on policies, changing eScan admin passwords etc etc etc... I don't want to think any further about this...
Kind regards,
Henning
I just figured out, that eScan Corp creates a pub folder on the server including some sub-folders with shares. A couple of them are configured with all access to every user - including full ntfs permission to everyone! In other words: everyone who knows the hidden share-name is able to view:
-AVX
-DEPLOY
-LOG
I'm not sure of it's possible that a user with some knowledge is able to do changes on policies, changing eScan admin passwords etc etc etc... I don't want to think any further about this...
Kind regards,
Henning